|
What is anyone's take on NetBSD's focus on xen vs. FreeBSD jails? It seems NetBSD believes lightweight xen instances are the way to go for service insulation while FreeBSD wants jails to be at least kind of on par security-wise. For instance, how bad is the overhead to be expected from xen and how much extra hassle do jails create?
|
# ? Jan 7, 2014 23:50 |
|
Is there an easy way to copy an ACL to a directory from another, and apply it to all child objects?

FreeBSD 9.2 ZFS (NFSv4 ACLs)

I've seen commands like "getfacl dir1 | setfacl -b -n -M - dir2", but "dir2" still has its old ACLs, and it's not applied to child objects.
|
# ? Jan 13, 2014 23:59 |
|
double riveting posted:
What is anyone's take on NetBSD's focus on xen vs. FreeBSD jails? It seems NetBSD believes lightweight xen instances are the way to go for service insulation while FreeBSD wants jails to be at least kind of on par security-wise.

FYI, the NetBSD Xen guy is writing that same Dom0 code for FreeBSD now.

Jails vs Xen:

Jails: zero overhead -- native performance for everything (disk access, network access, CPU). There are some fringe limitations you need to be aware of as it's not a fully virtualized OS (see Bhyve)

Xen: quite a bit of overhead everywhere by nature of the design. Process forking is super painful, anything using lots of context switches, and disk access are all weak areas for any OS running under Xen, VMWare, or KVM. Ex: portsnap extract, large svn access, freebsd-update (runs sha256 on the entire base system) will be really slow in comparison.

Xen in 10.0 is better thanks to the work by Roger Pau Monne of Citrix, but it's still not comparable for workloads that require disk access.

Bhyve (included in FreeBSD 10!!) is probably what you want if you need full virtualization. It's hands down better than any other hypervisor on the market because it's legacy free

feld fucked around with this message at 14:55 on Jan 14, 2014 |
# ? Jan 14, 2014 00:08 |
|
Xenomorph posted:
Is there an easy way to copy an ACL to a directory from another, and apply it to all child objects?

Want to get your hands dirty? See if this patch to mtree still applies cleanly: http://heka.cenkes.org/sat/diffs/mtree_acl.diff

Get an mtree dump of the source directory. Confirm ACLs are in there. Note what the ACLs look like. Get an mtree dump of the destination directory. Remove the old ACLs (grep -v?). Use a script to apply the new ACLs to every object (sed would probably work). Now go ahead and apply that mtree dump to the directory structure.

Dirty, but should work.
|
# ? Jan 14, 2014 15:35 |
|
Honestly, I do not want to get too dirty, at the moment. It looks like I was able to copy the ACL from source directory to target directory, but it left the existing ACLs in place that were not specifically overwritten by the source directory's ACLs. This worked: code:
code:
code:
code:
|
# ? Jan 14, 2014 20:10 |
|
Good news everyone: FreeBSD 10.0-RELEASE has been committed. Release images are in progress. Feel free to pull svn from releng/10.0 if you want to build it yourself now.
feld fucked around with this message at 18:54 on Jan 15, 2014 |
# ? Jan 15, 2014 16:10 |
|
Man, I still remember when FBSD 10 was just a distant pipe dream. Kudos to the devs.
|
# ? Jan 15, 2014 20:12 |
|
Leb posted:
Man, I still remember when FBSD 10 was just a distant pipe dream. Kudos to the devs.

4 to 5 was the first system upgrade I can remember having done, so accidentally upgrading to 11 today was ... yeah. It's been around for a while.
|
# ? Jan 16, 2014 01:10 |
|
The isos for 10 are out now
|
# ? Jan 21, 2014 03:33 |
|
Did anyone else have problems with freebsd-update? I'm upgrading from 9.1-release to 10.0-release and it keeps on reporting integrity check fail. A quick google search tells me that I have to upgrade to the latest 9.x release then upgrade from that to 10.0. Is it really supposed to be that draconian?
|
# ? Jan 21, 2014 05:52 |
|
Whatever happened to the FreeBSD torrent tracker site?
|
# ? Jan 21, 2014 15:23 |
|
lostleaf posted:
Did anyone else have problems with freebsd-update? I'm upgrading from 9.1-release to 10.0-release and it keeps on reporting integrity check fail. A quick google search tells me that I have to upgrade to the latest 9.x release then upgrade from that to 10.0. Is it really supposed to be that draconian?

Yes, it is.
|
# ? Jan 21, 2014 16:36 |
|
Bob Morales posted:
Whatever happened to the FreeBSD torrent tracker site?

The freebsd.org run site was removed for security reasons, and it looks like the community run alternative doesn't have the 10 isos up yet.
|
# ? Jan 21, 2014 17:39 |
|
Just ordered a Raspberry Pi to try to put 10.0 on it. A little psyched to give it a go, it's been a while since I have messed with FreeBSD. Anyone else tried it out yet and run into weird issues?
|
# ? Jan 21, 2014 19:39 |
|
MrDoDo posted:
Just ordered a Raspberry Pi to try to put 10.0 on it. A little psyched to give it a go, it's been a while since I have messed with FreeBSD. Anyone else tried it out yet and run into weird issues?

Well, it's ARM. And that's not really a well supported architecture (yet). But there are devs pushing forward with FreeBSD on ARM.

I have no idea how hard it will be, but I imagine you'll have to cross-compile your own ARM installation media unless you can find an image someone else has already provided.
|
# ? Jan 22, 2014 14:09 |
|
How does this happen?

http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/155163

I've been looking for an easy way to recursively apply ACLs. FreeBSD's "setfacl" command does not work recursively. There is a patch for it to do so, submitted March 1st, 2011. How long does it usually take for something like this to be accepted?

It seems like Linux has had this ability for a while ("setfacl -R"), but FreeBSD doesn't.

I want to do the equivalent of this: code:
|
# ? Jan 22, 2014 23:48 |
|
Ok how hosed am I?

I was doing an update from 9.1 to 10 and my / partition is so small I run out of disk space. I clear some room (delete /boot/kernel.old) and start over with the "freebsd-update -r 10.0-RELEASE upgrade"

Again it bails out for lack of disk space but not quite as bad. I do the "freebsd-update install" you're supposed to do after the reboot without rebooting, I'm sure this is also bad.

I did reboot soon after this, and waiting for a box you know you just hosed UP pretty badly to come up remotely is a great feeling. It did though, which actually shocked me. Took its sweet time of course.

When I run "freebsd-update IDS" I get a huge list of very important looking system files that apparently all have the wrong permissions, possibly not the end of the world right? Both of my 6 disk ZFS pools came up ok, though I had to manually re-add everyone on Samba.

It won't let me try to upgrade to 10.0-RELEASE again because it thinks I'm already running it, so I must have had partial success. I'm really kicking myself now for not doubling the size of the root partition when I initially set this up.

Should I just completely rebuild this system? Have I got it in such a state I'll be screwed next time I try and update?
|
# ? Jan 23, 2014 15:01 |
|
roadhead posted:
Ok how hosed am I?

download base.txz and probably lib32.txz and extract it somewhere. replace every system file/binary that FreeBSD-IDS reported as being a mismatch. use rsync or cpdup to make sure the files get put back with the right permissions.

ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/10.0-RELEASE

in fact, you could just extract it over your / and tell it to ignore /etc... code:
edit: on-the-fly method because you're low on disk space code:
feld fucked around with this message at 17:03 on Jan 25, 2014 |
# ? Jan 25, 2014 16:44 |
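The triage feld describes (replace only what "freebsd-update IDS" flags, leave /etc alone), as an added shell example that is not from the thread. It goes slightly further by separating content mismatches from metadata-only ones. The function names are hypothetical, the sample report is constructed, and both the report wording and the "./"-prefixed member names in base.txz are assumptions to check against your own output.

```shell
#!/bin/sh
# Added example: triage "freebsd-update IDS" output before restoring files.
# Assumption: each report line starts with the path, followed by wording like
# the constructed sample below. Base-system paths contain no spaces.

# Constructed sample report (hashes are placeholders, not real values).
sample_ids_report() {
cat <<'EOF'
/bin/ls has 0755 permissions, but should have 0555 permissions.
/usr/bin/chfn has SHA256 hash 1111aaaa, but should have SHA256 hash 2222bbbb.
/etc/motd has SHA256 hash 3333cccc, but should have SHA256 hash 4444dddd.
/sbin/init is owned by user id 1001, but should be owned by user id 0.
/usr/bin/passwd has 0 flags, but should have 131072 flags.
EOF
}

# Print "<kind> <path>" per line; kind is hash, mode, owner, flags or other.
classify_ids() {
    awk '
        / has SHA256 hash /  { print "hash",  $1; next }
        / permissions, but / { print "mode",  $1; next }
        / is owned by /      { print "owner", $1; next }
        / flags, but /       { print "flags", $1; next }
        NF                   { print "other", $1 }
    '
}

# Files whose CONTENT differs, excluding /etc (local configuration is expected
# to differ), written as archive member names ("./usr/bin/chfn") for tar -T.
restore_list() {
    classify_ids |
        awk '$1 == "hash" && $2 !~ /^\/etc\// { print "." $2 }' |
        LC_ALL=C sort -u
}

# Files where only metadata differs: fix mode/owner/flags in place instead of
# overwriting the file.
metadata_only() {
    classify_ids | awk '
        $1 == "hash"                  { content[$2] = 1 }
        $1 != "hash" && $1 != "other" { meta[$2] = 1 }
        END { for (p in meta) if (!(p in content)) print p }
    ' | LC_ALL=C sort
}

# Demo on the constructed report. Real use on the affected host:
#   freebsd-update IDS | restore_list > /tmp/restore.txt
#   tar -xpf base.txz -C / -T /tmp/restore.txt
echo "restore from base.txz:"; sample_ids_report | restore_list
echo "fix metadata in place:"; sample_ids_report | metadata_only
```

A hash mismatch on a binary outside /etc is the entry worth investigating before overwriting it, since it means the file content itself is not what the release shipped.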
|
Xenomorph posted:
How does this happen?

Reply to the PR showing interest. I have no idea why it wasn't committed; maybe the person it was assigned to was really busy and it fell off the radar. I'll see what I can find...

edit: i've worked with trasz before. I've emailed him. Hopefully this gets committed. Persistence is everything. FreeBSD devs tend to be insanely busy. As long as a patch is complete, adheres to style(9), and provides documentation it should not be rejected. It does require someone to champion the patch, though.

feld fucked around with this message at 17:09 on Jan 25, 2014 |
# ? Jan 25, 2014 17:05 |
|
feld posted:
download base.txz and probably lib32.txz and extract it somewhere. replace every system file/binary that FreeBSD-IDS reported as being a mismatch. use rsync or cpdup to make sure the files get put back with the right permissions.

I did that (apparently src.txz actually contained most of the files I wanted to fix the permissions of) but now small parts of where I untarred the files to (/usr/home/username/Downloads/) refuse to delete? ("rm: chfn: Operation not permitted" is the error)

And I'm root?

Anyway, thanks for the help, I can rest easier now safe in the knowledge that my system files are as they should be.
|
# ? Jan 27, 2014 18:34 |
|
roadhead posted:
I did that (apparently src.txz actually contained most of the files I wanted to fix the permissions of) but now small parts of where I untarred the files to (/usr/home/username/Downloads/) refuse to delete? ("rm: chfn: Operation not permitted" is the error)

code:
|
# ? Jan 27, 2014 19:21 |
|
feld posted:
Yep that did the trick. Is this file attribute stuff new or am I just that far out of the loop?
|
# ? Jan 27, 2014 20:30 |
|
roadhead posted:
Yep that did the trick. Is this file attribute stuff new or am I just that far out of the loop?

certain files that come with the base system are protected that way, as well as /var/empty directory. Has been that way for quite some time. I don't know much more about it other than the intention of protecting them.
|
# ? Jan 27, 2014 21:06 |
|
feld posted:
certain files that come with the base system are protected that way, as well as /var/empty directory. Has been that way for quite some time. I don't know much more about it other than the intention of protecting them.

The scariest part is I log into this machine daily and it works silently, tirelessly and with obviously zero effort or knowledge on my part 99.9% of the time. Serving terabytes upon terabytes of data with shoddy Newegg special parts and WD 1.5 terabyte greens. For YEARS now.

loving BSD.
|
# ? Jan 28, 2014 00:41 |
|
roadhead posted:
The scariest part is I log into this machine daily and it works silently, tirelessly and with obviously zero effort or knowledge on my part 99.9% of the time. Serving terabytes upon terabytes of data with shoddy Newegg special parts and WD 1.5 terabyte greens. For YEARS now.

code:
|
# ? Jan 28, 2014 00:51 |
|
feld posted:
You're still running FreeBSD 6.x?
|
# ? Jan 28, 2014 02:30 |
|
feld posted:
Well, it's ARM. And that's not really a well supported architecture (yet). But there are devs pushing forward with FreeBSD on ARM.

freebsd has a dedicated Raspberry Pi flavor.
|
# ? Jan 28, 2014 08:13 |
|
sports posted:
freebsd has a dedicated Raspberry Pi flavor.

That's a pretty strong inference. You will not find ARM or Raspberry Pi here: http://ftp.freebsd.org/pub/FreeBSD/releases/

It is a Tier-2 architecture. Hopefully in 2014 it can move to Tier-1, but that depends on the ability to obtain fast ARM hardware that can be used for testing and native package building.

SamDabbers posted:
You're still running FreeBSD 6.x?

That's a non-public traffic shaper, but I hardly see that as unusual. Yahoo still runs FreeBSD 4.11 in a lot of places (though they call their fork YBSD). They've struggled to upgrade because they waited too long, but work is progressing more quickly these days. I know of a financial company with 100% uptime over the last decade that moves trillions of dollars per year and they still have FreeBSD 4.11 servers out there too.

Old is not necessarily bad if you know what you're doing, but personally I prefer to keep up on every server I can.

feld fucked around with this message at 14:38 on Jan 28, 2014 |
# ? Jan 28, 2014 14:35 |
|
feld posted:
That's a pretty strong inference. You will not find ARM or Raspberry Pi here: http://ftp.freebsd.org/pub/FreeBSD/releases/

http://www.freebsd.org/releases/10.0R/relnotes.html
|
# ? Jan 29, 2014 05:59 |
|
From what I can gather it seems you still need to build your own image (as outlined here from the release notes http://kernelnomicon.org/?p=275). It's kind of confusing since it says ARM is officially supported but I guess just no img is released.
|
# ? Jan 29, 2014 09:49 |
|
You can always just try NetBSD.
|
# ? Jan 29, 2014 10:08 |
|
Riso posted:
You can always just try NetBSD.

Even long term developers are leaving NetBSD. It's a sad sight

feld fucked around with this message at 14:19 on Jan 29, 2014 |
# ? Jan 29, 2014 14:03 |
|
That's a bummer, but then they also managed to drive out Theo de Raadt with his followers oh so many years ago.
|
# ? Jan 29, 2014 14:44 |
|
I put 10 on an hp netbook, and after tinkering with it for a while it's up and running well. Sound and video work perfectly with no config, encrypted zfs on root with only minor config needed, and pretty much everything builds cleanly and / or has a package. A bit of work and I have youtube with flash support and everything else. The wireless wasn't detected but I'll just use a card for that, otherwise it builds just about anything fine, and I've set up xfce, gnome, e17. Mostly I use gnome but the others are a bonus. It's by no means ready for grandma, but once it's up and running, configured correctly a grandma could use it without much issue. They've really worked on this recently and it shows. I didn't recompile the kernel because it's fine for my needs anyway, and they're still working out a few kinks with clang apparently - there's a caution against using it to recompile the system, so I'm not futzing with it. Only problem I've had so far is that the install for openjdk6 (a current revision) says to mount an fdesc partition, but if I add that to fstab it hangs the system on boot. I can manually mount the partition, which works but I'm not even sure it's actually needed. I was able to mount proc in fstab, but not linproc or fdesc - it bombs when it boots if I do that. Is fdesc / linproc really even useful (should I bother to mount it otherwise) ? I went ahead and just wrote a couple rc.d scripts and enabled them, so they're mounted but I'm curious. With systemd I'd think linproc is less critical for linux apps, and I don't know how important fdesc really is to java either. Anyways. But yeah 10 on the netbook has made for a nice desktop so far, and surprisingly zippy.
|
# ? Jan 29, 2014 18:16 |
|
Broken Machine posted:
I didn't recompile the kernel because it's fine for my needs anyway, and they're still working out a few kinks with clang apparently - there's a caution against using it to recompile the system, so I'm not futzing with it.

The entire kernel and world is built with CLANG for 10.0+. GCC is dead. Everything in ports that can be built with CLANG will be built with CLANG.

Broken Machine posted:
Only problem I've had so far is that the install for openjdk6 (a current revision) says to mount an fdesc partition, but if I add that to fstab it hangs the system on boot. I can manually mount the partition, which works but I'm not even sure it's actually needed. I was able to mount proc in fstab, but not linproc or fdesc - it bombs when it boots if I do that.

What's your filesystem layout? Is it trying to mount those filesystems before the zfs filesystems underneath are all there? Try putting "late" in the fstab options field so it mounts them as one of the very last things to do in the boot process.

code:
|
# ? Jan 29, 2014 21:19 |
|
CLANG was designed as a GCC drop in replacement, but I am not sure it really works on non-x86 architectures acceptably.
|
# ? Jan 29, 2014 21:27 |
|
feld posted:
The entire kernel and world is built with CLANG for 10.0+. GCC is dead. Everything in ports that can be built with CLANG will be built with CLANG.

I know that, I'm just not sure if I have to play around with the linker or whatever to get it to build and work correctly, and so I didn't really feel like messing with it and didn't.

quote:
What's your filesystem layout? Is it trying to mount those filesystems before the zfs filesystems underneath are all there? Try putting "late" in the fstab options field so it mounts them as one of the very last things to do in the boot process.

Thanks. It's just a standard, default zfs install from the installer. It hangs shortly after it mounts the zfs root so it's probably related to that. I think I'll just leave it in the rc.d since it's already installed and working. Mostly I'm just curious if either or both are truly necessary; the handbook doesn't seem to mention linproc anymore in the guide to setting up flash for example.
|
# ? Jan 29, 2014 21:34 |
|
Broken Machine posted:
I put 10 on an hp netbook, and after tinkering with it for a while it's up and running well. Sound and video work perfectly with no config, encrypted zfs on root with only minor config needed, and pretty much everything builds cleanly and / or has a package. A bit of work and I have youtube with flash support and everything else. The wireless wasn't detected but I'll just use a card for that, otherwise it builds just about anything fine, and I've set up xfce, gnome, e17. Mostly I use gnome but the others are a bonus. It's by no means ready for grandma, but once it's up and running, configured correctly a grandma could use it without much issue. They've really worked on this recently and it shows. I didn't recompile the kernel because it's fine for my needs anyway, and they're still working out a few kinks with clang apparently - there's a caution against using it to recompile the system, so I'm not futzing with it.

When you say Gnome, what version is that? Looks like 2.x ?
|
# ? Jan 29, 2014 22:11 |
|
wooger posted:
When you say Gnome, what version is that? Looks like 2.x ?

That's actually enlightenment (e17), but I built gnome 2.32.1 as well. Here's gnome:

e: revised screenshot

Broken Machine fucked around with this message at 22:32 on Jan 29, 2014 |
# ? Jan 29, 2014 22:27 |
|
Broken Machine posted:
I know that, I'm just not sure if I have to play around with the linker or whatever to get it to build and work correctly, and so I didn't really feel like messing with it and didn't.

On amd64 you'd have to do some extra work to not build with clang; it has effectively been the only compiler supported there for a while. I mean, it probably works with GCC, since some of the other archs need it - but it's GCC that is the "play around with to make it work" choice now.
|
# ? Jan 30, 2014 00:52 |